Why This Cheat Sheet Matters for DVA-C02
This cheat sheet covers the most important Amazon API Gateway concepts tested on the DVA-C02 (AWS Developer Associate) certification exam. It contains 4 sections with 14 key points that you should memorize before exam day. Build and manage REST, HTTP, and WebSocket APIs. Study stages, deployment, throttling, caching, authorizers (Lambda, Cognito, IAM), request/response transformations, and usage plans. Use this as a quick-reference guide during your final review sessions.
4Sections
14Key Points
API Types
- REST API: full-featured — caching, usage plans, API keys, request/response transformations, WAF.
- HTTP API: simpler, cheaper, faster — JWT authorizers, OIDC, CORS auto-config. No caching or usage plans.
- WebSocket API: persistent connections for real-time bidirectional communication.
Authorization
- IAM authorization: Signature Version 4 signing. Best for AWS service-to-service calls.
- Lambda authorizer (custom): returns an IAM policy. Token-based or request parameter-based.
- Cognito authorizer: validates JWT tokens from a Cognito User Pool. REST API only.
- HTTP API supports JWT authorizers natively (Cognito or any OIDC provider).
Stages & Deployments
- A deployment creates a snapshot of the API. A stage is a named reference to a deployment.
- Stage variables act like environment variables — use them to route to different Lambda aliases or backends.
- Canary deployments split traffic between the current stage and a canary for safe rollouts.
Throttling & Caching
- Default: 10,000 requests/second across all APIs in a region. Burst: 5,000.
- Per-method throttling can override account-level defaults.
- REST API caching: 0.5 GB to 237 GB. TTL: 0 to 3,600 seconds. Invalidate with Cache-Control: max-age=0.
- 429 Too Many Requests = throttled. 504 Gateway Timeout = backend integration timeout (max 29s).
Practice API Gateway Questions
Put your knowledge to the test with practice questions.